final class \SmartCryptoEcdsaOpenSSL
{ } ::

Class: SmartCryptoEcdsaOpenSSL - provides PHP OpenSSL based EcDSA crypto implementation
Supports (standard): secp521r1/sha512 ; secp384r1/sha384 ; secp256k1/sha256
Supports (non-standard): secp521r1/sha3-512 ; secp384r1/sha3-384 ; secp256k1/sha3-256

Language: PHP
Located at: lib/framework/lib_cryptoas.php
Package: Application
Namespace: \
Class Name: SmartCryptoEcdsaOpenSSL
Version: v.20260113
Depends: extensions: PHP OpenSSL ; classes: Smart, SmartFileSysUtils, SmartCryptoEcdsaAsn1Sig
Usage: static object: Class::method() - This class provides only STATIC methods

class Methods

public static function isAvailable ( ) {} :: BOOL

@return: {BOOL} TRUE if available, FALSE if not

Verifies if OpenSSL extension is Enabled and the openssl local config has been completed, in order to support EcDSA

public static function getPemPublicKeyFromPemPrivateKeyOrPemCertificate ( string $eccPrivKeyOrCertificate, string $privKeyPassword = null ) {} :: ARRAY

@return: {ARRAY} [ err, pubKey, version ]
@param: {STRING} $eccPrivKeyOrCertificate: The PEM Private Key or PEM Certificate
@param: {STRING} $privKeyPassword: *OPTIONAL* The password for the PEM Private Key if requires

Extract the PEM Public Key from a PEM Private Key or a PEM Certificate

public static function decryptPrivateKeyPem ( string $encryptedPrivKeyPem, string $privKeyPassword ) {} :: ARRAY

@return: {ARRAY} [ err, privKey ]
@param: {STRING} $encryptedPrivKeyPem: The encrypted PEM Private Key
@param: {STRING} $privKeyPassword: The password used to decrypt the PEM Private Key

Decrypt an encrypted PEM Private Key using a password

public static function encryptPrivateKeyPem ( string $plainPrivKeyPem, string $privKeyPassword ) {} :: ARRAY

@return: {ARRAY} [ err, privKey ]
@param: {STRING} $plainPrivKeyPem: The plain PEM Private Key
@param: {STRING} $privKeyPassword: The password used to encrypt the PEM Private Key

Encrypt a plain PEM Private Key using a password

public static function signData ( string $eccPrivKey, string $eccPubKey, string $data, string $algo = self::OPENSSL_SIGN_DEF_ALGO, string $privKeyPassword = null, bool $useASN1 = true ) {} :: ARRAY

@return: {ARRAY} [ err, algo, mode, signatureB64 ]
@param: {STRING} $eccPrivKey: The PEM Private Key (plain or encrypted)
@param: {STRING} $eccPubKey: The PEM Public Key, required for verification
@param: {STRING} $data: Data to be Signed
@param: {STRING} $algo: Algorithm to be used for the Signature, must be compliant with the algorithm used by the used keys and certificate ; by example cannot sign using sha256 or sha3-256 with a sha512 or sha3-512 certificate private/public key because the hash size differs
@param: {STRING} $privKeyPassword: *OPTIONAL* The password for the PEM Private Key if requires
@param: {BOOL} $useASN1: *OPTIONAL* by default is TRUE, will create an ASN1 compliant signature ; if set to FALSE will create a Raw (Non-ASN1) signature

Create an EcDSA Digital Signature
Supported Algorithms: sha3-512, sha512, sha3-384, sha384, sha3-256, sha256

public static function verifySignedData ( string $eccPubKey, string $data, string $signatureB64, string $algo = self::OPENSSL_SIGN_DEF_ALGO, bool $useASN1 = true ) {} :: ARRAY

@return: {ARRAY} [ err, algo, mode, verifyResult ] ; the verifyResult must be TRUE if verified, otherwise may return NULL or INTEGER
@param: {STRING} $eccPubKey: The PEM Public Key or the Certificate PEM
@param: {STRING} $data: Data to be Verified
@param: {STRING} $signatureB64: The Base64 Signature
@param: {STRING} $algo: Algorithm to be used for the Signature, must be compliant with the algorithm used by the used keys and certificate ; by example cannot sign using sha256 or sha3-256 with a sha512 or sha3-512 certificate private/public key because the hash size differs
@param: {BOOL} $useASN1: *OPTIONAL* by default is TRUE, will create an ASN1 compliant signature ; if set to FALSE will create a Raw (Non-ASN1) signature

Verify an EcDSA Digital Signature
Supported Algorithms: sha3-512, sha512, sha3-384, sha384, sha3-256, sha256

public static function newCertificate ( array $dNames = ["commonName" => "localhost"], int $years = 1, string $curve = self::OPENSSL_ECDSA_DEF_CURVE, string $algo = self::OPENSSL_CSR_DEF_ALGO, string $privKeyPassword = null ) {} :: ARRAY

@return: {ARRAY} [ err, mode, algo, curve, scheme, years, dNames, certificate, privKey, pubKey, serial, dateTime ]
@param: {ARRAY} $dNames: The MetaInfo Certificate Names, minimum required is: [ commonName ] ; example: ['commonName' => 'My Sample Name', 'emailAddress' => 'my@email.local', 'organizationName' => 'my.local', 'organizationalUnitName' => 'My Sample Test - ECDSA Digital Signature']
@param: {INT} $years: The number of years for the certificate to be valid, 1..100
@param: {STRING} $curve: The EcDSA curve ; can use only: secp521r1 with sha3-256 or sha256 ; secp384r1 with sha3-384 or sha384 ; secp256k1 with sha3-256 or sha256 ; any other combinations are invalid due to the hash size required by the curve
@param: {STRING} $algo: Algorithm to be used for the Signature, must be compliant with the algorithm used by the curve
@param: {STRING} $privKeyPassword: *OPTIONAL* The password for the PEM Private Key ; if provided the returned Private Key PEM will be encrypted

Create a New EcDSA Certificate and the key Pair as Private and Public Key, all in PEM format
Supported Algorithms: sha3-512, sha512, sha3-384, sha384, sha3-256, sha256
Supported Curves: secp521r1, secp384r1, secp256k1

public static function isValidPrivateKeyPEM ( string $eccPrivKey ) {} :: BOOL

@return: {BOOL} TRUE if Valid, FALSE if not valid or not supported
@param: {STRING} $eccPrivKey: The plain or encrypted Private Key PEM

Validates a Private Key PEM format
It does not validate the type, by example if it is EcDSA or RSA
Supports: Plain or Encrypted Private Key PEM
Plain Private Key PEM, in base 64 format must be enclosed within: -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY-----
Encrypted Private Key PEM, in base 64 format must be enclosed within: -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- and having Proc-Type: 4,ENCRYPTED in header
or, alternate encrypted key as
Encrypted Private Key PEM, in base 64 format must be enclosed within: -----BEGIN ENCRYPTED PRIVATE KEY----- ... -----END ENCRYPTED PRIVATE KEY-----

public static function isValidPublicKeyPEM ( string $eccPubKey ) {} :: BOOL

@return: {BOOL} TRUE if Valid, FALSE if not valid or not supported
@param: {STRING} $eccPubKey: The Public Key PEM

Validates a Public Key PEM format
It does not validate the type, by example if it is EcDSA or RSA
Public Key PEM, in base 64 format must be enclosed within: -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----

public static function isValidCertificatePEM ( string $eccCertPem ) {} :: BOOL

@return: {BOOL} TRUE if Valid, FALSE if not valid or not supported
@param: {STRING} $eccCertPem: The Certificate PEM

Validates a Certificate PEM format
It does not validate the type, by example if it is EcDSA or RSA
Certificate PEM, in base 64 format must be enclosed within: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----

class Properties

class Constants

public const OPENSSL_ECDSA_DEF_CURVE = "secp521r1" ; ::

public const OPENSSL_CSR_DEF_ALGO = "sha512" ; ::

public const SIGNATURE_MODE_ASN1 = "ASN1" ; ::

public const SIGNATURE_MODE_NON_ASN1 = "nonASN1" ; ::

public const OPENSSL_SIGN_DEF_ALGO = "sha3-512" ; ::

documentation generated on: 2026-01-14 01:50:49 +0000

final class \SmartCryptoEcdsaOpenSSL { } ::

class Methods

class Properties

class Constants

final class \SmartCryptoEcdsaOpenSSL
{ } ::